Re: [389-users] Problem with samba and 389 Directory server with LDAPS


 



[2011/09/28 11:23:13, 2] lib/smbldap.c:smbldap_open_connection(786)

  smbldap_open_connection: connection opened

[2011/09/28 11:23:13, 10] lib/smbldap.c:smbldap_connect_system(951)

  ldap_connect_system: Binding to ldap server ldaps://adm301.stag.cle.us as "cn=Directory Manager"

[2011/09/28 11:23:13, 2] lib/smbldap.c:smbldap_connect_system(982)

  failed to bind to server ldaps://”FQDN of server”.stag.cle.us with dn="cn=Directory Manager" Error: Can't contact LDAP server

        (unknown)

 

And yes I can resolve the hostname which I have sanitized.

 

Thanks for the tip, but that doesn’t seem to help, still have same result.   This was just working on another machine but I had to put that one back to the way it was, and must have missed something.  Any more thoughts?

 

From: 389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Angel Bosch Mora
Sent: Wednesday, September 28, 2011 3:39 AM
To: General discussion list for the 389 Directory server project.
Subject: Re: [389-users] Problem with samba and 389 Directory server with LDAPS

 

You have to use the FQDN when connecting securely, and you have to use the exact name used in the certificate.


I am getting the following message in the /var/log/samba/smbd.log file when I start up samba and try to connect as a user.

 

[2011/09/27 14:23:33, 1] lib/smbldap.c:another_ldap_try(1153)

  Connection to LDAP server failed for the 15 try!

[2011/09/27 14:23:34, 10] lib/smbldap.c:smb_ldap_setup_conn(630)

  smb_ldap_setup_connection: ldaps://192.168.3.79

[2011/09/27 14:23:34, 2] lib/smbldap.c:smbldap_open_connection(786)

  smbldap_open_connection: connection opened

[2011/09/27 14:23:34, 10] lib/smbldap.c:smbldap_connect_system(951)

  ldap_connect_system: Binding to ldap server ldaps://192.168.x.x as "cn=directory manager,dc=stag,dc=cle,dc=us"

[2011/09/27 14:23:34, 2] lib/smbldap.c:smbldap_connect_system(982)

  failed to bind to server ldaps://192.168.x.x with dn="cn=directory manager,dc=stag,dc=cle,dc=us" Error: Can't contact LDAP server

        (unknown)

 

Relevant part of the smb.conf

 

   passdb backend = ldapsam:ldaps://192.168.x.x

   ldap suffix = dc=stag,dc=cle,dc=us

   ldap machine suffix = ou=people

   ldap user suffix = ou=people

   ldap group suffix = ou=groups

   ldap passwd sync = yes

   ldap admin dn = cn=directory manager,dc=stag,dc=cle,dc=us

   obey pam restrictions = yes

 

I was able to run smbpasswd -w to add the dn admin password to the secrets.tdb but am unable to add additional users as well, again getting a cannot contact ldap server message. I had this working on another machine, but that machine was needed for another purpose and lost the setup. I know I must be missing something simple and am checking the HOWTO for samba on the 389-Directory Server site.

David Hoskinson | DATATRAK International
Systems Engineer
Mayfield Heights, Ohio, USA 
+1.440.443.0082 x 124 (p) | +1.216.280.5457 (m)
david.hoskinson@xxxxxxxxxxxx | www.datatrak.net

 


--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
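
Added example (not part of the thread, and not Samba or 389 DS code): a check of the point in Angel's reply, that the host in the ldaps:// URI must be a name the server certificate carries. It extracts the host from a `passdb backend` line and compares it with certificate names in the dict layout of Python's `ssl.SSLSocket.getpeercert()`. The certificate contents and the name `ldap01.example.test` are constructed; 192.168.3.79 is the address from the log above.

```python
import ipaddress
import re

# Constructed sample data: a certificate issued for an FQDN only, and two
# smb.conf fragments that differ in the host given in the ldaps:// URI.
CERT = {"subject": ((("commonName", "ldap01.example.test"),),),
        "subjectAltName": (("DNS", "ldap01.example.test"),)}
SMB_CONF_IP = "   passdb backend = ldapsam:ldaps://192.168.3.79\n"
SMB_CONF_FQDN = "   passdb backend = ldapsam:ldaps://ldap01.example.test\n"

def ldaps_host(smb_conf: str) -> str:
    """Return the host part of the ldaps:// URI in 'passdb backend'."""
    m = re.search(r'^\s*passdb backend\s*=\s*ldapsam:"?ldaps://([^\s:/"]+)',
                  smb_conf, re.M)
    if not m:
        raise ValueError("no ldapsam:ldaps:// backend found")
    return m.group(1)

def _dns_match(pattern: str, host: str) -> bool:
    """Case-insensitive match; '*' is accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def host_matches_cert(host: str, cert: dict) -> bool:
    """True if the host is one of the names the certificate was issued for."""
    san = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal can only match an IP Address SAN, never a DNS name or CN.
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip
                   for k, v in san)
    dns = [v for k, v in san if k == "DNS"]
    if not dns:
        # Fall back to the subject CN only when the certificate has no DNS SAN.
        dns = [v for rdn in cert.get("subject", ())
               for k, v in rdn if k == "commonName"]
    return any(_dns_match(name, host) for name in dns)
```
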
